AMENDMENTS TO THE CLAIMS
Please amend claims 1, 2, 4 - 7, 9, 11, 12, 14 - 17, and 19, as follows.

1. (Currently Amended) A machine-implemented method for managing access to data, the method comprising the steps of:

detecting that a database command statement is issued;

wherein said database command statement requires access to at least one column in a table;

invoking a policy function which database metadata associates with at least one column in a table;

receiving an expression returned by invoking said policy function;

rewriting said database command statement by creating a modified database command statement that incorporates said expression;

wherein the modified database command statement specifies, based on the expression, whether to mask a value of the at least one column by returning a mask of the value instead of the value; and

executing said modified database command statement.

2. (Currently Amended) The method of claim 1, 

wherein said database command statement requests at least two values located in at 
least two columns; 

wherein each of the two values are located in a different one of the at least two 
columns; and 

wherein the step of executing the modified database command statement includes at 
least 

returning at least one of the at least two values, and 

returning a masked value instead of at least a second of the at least two values. 

3. (Previously Presented) The method of claim 1, wherein the expression is a condition expression.

4. (Currently Amended) The method of claim 1, wherein the masked value is returned for rows

that are retrieved for the database command statement issued, 
that do not satisfy the condition, and 
to which access privileges are granted. 

5. (Currently Amended) The method of claim 1, further comprising: 

wherein said database metadata associates a list of one or more columns with a policy 
used for controlling access to the one or more columns; and 

wherein the step of rewriting is performed if a match is found between the at least one 
column to which the database command statement requires access and the list 
of one or more columns. 

6. (Currently Amended) The method of claim 1, wherein:

said database metadata associates a list of one or more columns with a policy used for controlling access to the one or more columns; and

the step of rewriting said database command statement by creating a modified database command statement is not performed if a match is not found between the list of one or more columns and the at least one column to which the database command statement requires access.

7. (Currently Amended) The method of claim 1, further comprising:

creating the policy function that returns a condition expression;

wherein the step of creating the modified database command statement includes incorporating the condition expression and the database command statement into the modified database command statement.



8. (Original) The method of claim 7, further comprising: 

creating a policy referencing the policy function and specifying trigger columns that 
trigger implementing the policy. 



9. (Currently Amended) The method of claim 1, further comprising registering the policy function with a database server, wherein the policy function returns a condition expression and the modified database command statement is based on the condition expression.



10. (Cancelled) 



11. (Currently Amended) A machine-readable medium carrying one or more sequences of instructions, which when executed by one or more processors, causes the one or more processors to perform a method comprising the steps of:

detecting that a database command statement is issued;

wherein said database command statement requires access to at least one column in a table;

invoking a policy function which database metadata associates with at least one column in a table;

receiving an expression returned by invoking said policy function;

rewriting said database command statement by creating a modified database command statement that incorporates said expression;

wherein the modified database command statement specifies, based on the expression, whether to mask a value of the at least one column by returning a mask of the value instead of the value; and

executing said modified database command statement.



12. (Currently Amended) The machine readable medium of claim 1, 

wherein said database command statement requests at least two values located in at 
least two columns; 

wherein each of the two values are located in a different one of the at least two 
columns; and 

wherein the step of executing the modified database command statement includes at 
least 

returning at least one of the at least two values, and 

returning a masked value instead of at least a second of the at least two values. 

13. (Previously Presented) The machine-readable medium of claim 1, wherein the expression is a condition expression.



14. (Currently Amended) The machine-readable medium of claim 1, wherein the masked 
value is returned for rows 

that are retrieved for the database command statement issued, 
that do not satisfy the condition, and 
to which access privileges are granted. 

15. (Currently Amended) The machine-readable medium of claim 1,

wherein said database metadata associates a list of one or more columns with a policy used for controlling access to the one or more columns; and

wherein the step of rewriting is performed if a match is found between the at least one column to which the database command statement requires access and the list of one or more columns.

16. (Currently Amended) The machine-readable medium of claim 1, wherein:

said database metadata associates a list of one or more columns with a policy used for controlling access to the one or more columns; and

the step of rewriting said database command statement by creating a modified database command statement is not performed if a match is not found between the list of one or more columns and the at least one column to which the database command statement requires access.

17. (Currently Amended) The machine-readable medium of claim 1, wherein the steps further comprise

creating the policy function that returns a condition expression;

wherein the step of creating the modified database command statement includes incorporating the condition expression and the database command statement into the modified database command statement.

18. (Previously Presented) The machine-readable medium of claim 7, wherein the steps further comprise creating a policy referencing the policy function and specifying trigger columns that trigger implementing the policy.

19. (Currently Amended) The machine-readable medium of claim 1, wherein the steps further comprise registering the policy function with a database server, wherein the policy function returns a condition expression and the modified database command statement is based on the condition expression.

20. (Cancelled) 
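
The steps recited in claims 1 and 11 (metadata lookup, policy function returning a condition expression, rewrite with a per-row mask, execution) can be sketched as follows. This is an illustration added here, not part of the filed claims or of any product's code. It assumes a statement given as a table name plus column list rather than parsed SQL text, and the names `salary_policy`, `POLICY_METADATA`, the `employees` table and the `NULL` mask are hypothetical.

```python
import sqlite3

def salary_policy(session):
    # Policy function: returns a condition expression plus its bind values.
    # Rows that fail the condition get the mask instead of the real value.
    return "dept = :session_dept", {"session_dept": session["dept"]}

# Constructed stand-in for database metadata: (table, column) -> policy function.
POLICY_METADATA = {("employees", "salary"): salary_policy}
MASK = "NULL"  # assumed mask; the claims do not fix a particular one

def rewrite(table, columns, session):
    """Return (modified_sql, params, rewritten) for a SELECT of columns."""
    # Identifiers are interpolated, so accept only plain names.
    if not all(name.isidentifier() for name in [table, *columns]):
        raise ValueError("unexpected identifier")
    select_list, params, rewritten = [], {}, False
    for col in columns:
        policy = POLICY_METADATA.get((table, col))
        if policy is None:          # no match in metadata: column left as issued
            select_list.append(col)
            continue
        cond, bound = policy(session)
        params.update(bound)        # session values are bound, never concatenated
        select_list.append(f"CASE WHEN ({cond}) THEN {col} ELSE {MASK} END AS {col}")
        rewritten = True
    # ORDER BY name is specific to the demo table, for stable output.
    sql = f"SELECT {', '.join(select_list)} FROM {table} ORDER BY name"
    return sql, params, rewritten

def run_query(conn, table, columns, session):
    sql, params, _ = rewrite(table, columns, session)
    return conn.execute(sql, params).fetchall()

def demo_db():
    # Constructed sample rows.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)",
                     [("alice", "ENG", 120), ("bob", "OPS", 90), ("carol", "ENG", 110)])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print(rewrite("employees", ["name", "salary"], {"dept": "ENG"})[0])
    print(run_query(conn, "employees", ["name", "salary"], {"dept": "ENG"}))
```

Every row is still returned; only the protected column's value is replaced by the mask where the condition fails, which is the difference from a row filter.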